User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release) Build ID: 20140218140359 Steps to reproduce: Currently, Firefox asks for the master password before auto-filling the password in a form, but, it doesn't ask for the master password if the user is *already* logged in. For example, I usually remain logged into my email account for many days. If someone manages to get into my computer, he can open Firefox and view my email even without needing to know my username and password. The "startupmaster" addon (https://addons.mozilla.org/en-US/firefox/addon/startupmaster/) makes Firefox ask for the master password at startup, which is a great solution to this issue. Unfortunately, this extension does not help if the hacker opens Firefox in safe mode: firefox.exe -safe-mode The solution is to add a built-in option to ask for the master password at startup, such that it will also work in safe mode.

Hi. I am the developer of StartupMaster. Technically it wouldn't be too difficult to convert the addon into a patch for Firefox et al., but I think it doesn't really solve the problem. An attacker can still run a custom copy of Firefox without the protection from their usb stick (or use an utility to switch off the pref and start Firefox as normal). Also the files in the profile folder are still up for manual inspection. The real solution would be to encrypt the profile folder, as suggested by Yang. Which shouldn't be a WONTFIX by the way.